A Socio-Technical Framework for Threat Modeling A Software Supply Chain
2013 (English). In: The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13: Conference Proceedings / [ed] Anthony Vance, International Federation for Information Processing, 2013. Conference paper (Refereed)
In this paper we suggest a possible threat modeling approach for the software supply chain. A socio-technical approach is discussed and applied to modeling software supply chain security, based on a case study of the Swedish Armed Forces (SWAF). First, we review current practices and theories for threat modeling of the software supply chain. Then we suggest applying a socio-technical framework to study the software supply chain security problem from a systemic viewpoint. Afterward, we propose a step-by-step approach for threat modeling that includes modeling the target system, identifying threats, and analyzing countermeasures. We also present a Delphi group validation of the socio-technical framework.
Place, publisher, year, edition, pages: International Federation for Information Processing, 2013.
Keywords: Threat modeling, software supply chain, socio-technical framework, social-technical approach
Research subject: Computer and Systems Sciences
Identifiers: URN: urn:nbn:se:su:diva-97703; OAI: oai:DiVA.org:su-97703; DiVA: diva2:679933
The 2013 Dewald Roode Workshop on Information Systems Security Research, October 4-5, 2013, Niagara Falls, New York, USA